<?php
namespace app\filters;

use yii\filters\auth\QueryParamAuth;
class ParamAuth extends QueryParamAuth
{
    public $tokenParam = 'access-token';
    
    public function authenticate($user, $request, $response) {
        $headers = \Yii::$app->getRequest()->getHeaders();
        $accessToken = $headers->get('access-token', null);
        
        if (isset($headers[$this->tokenParam])) {
            $accessToken = $headers[$this->tokenParam];
        }
        
        if (is_string($accessToken)) {
            $identity = $user->loginByAccessToken($accessToken, get_class($this));
            if ($identity !== null) {
                return $identity;
            }
        }
        if ($accessToken !== null) {
            $this->handleFailure($response);
        }

        return null;
    }    
}

?>